
new to all of this but i need help


13 replies to this topic

#1 johnboy

johnboy

    Member

  • Full Member
  • Pip
  • 94 posts

Posted 11 July 2004 - 07:32 PM

Hi, I'm new to this, so please forgive the silly questions, but could someone help me? I can't keep my homepage; it keeps going back to search index. I have run Ad-aware 6.0 on it and I have run HijackThis on it. Now I don't know what the heck to do. Someone help me, please.

#2 johnboy


Posted 11 July 2004 - 07:49 PM

Don't know if I'm supposed to do this, but here I go. www.search.com keeps taking over my homepage. What am I supposed to delete from this, from hijacker?

Logfile of HijackThis v1.98.0
Scan saved at 7:03:35 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ipko.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\appnz32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykduz.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ykduz.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ykduz.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ykduz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykduz.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ykduz.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1393F29F-3AD1-88F1-8182-7EBCC2149DC1} - C:\WINDOWS\msub.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Syscheck] C:\WINDOWS\Fonts\win.hta
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [netwh.exe] C:\WINDOWS\netwh.exe
O4 - HKLM\..\RunOnce: [sysra.exe] C:\WINDOWS\sysra.exe
O4 - HKLM\..\RunOnce: [apixj32.exe] C:\WINDOWS\system32\apixj32.exe
O4 - HKLM\..\RunOnce: [winvb.exe] C:\WINDOWS\system32\winvb.exe
O4 - HKLM\..\RunOnce: [syssu.exe] C:\WINDOWS\system32\syssu.exe
O4 - HKLM\..\RunOnce: [javadc.exe] C:\WINDOWS\system32\javadc.exe
O4 - HKLM\..\RunOnce: [sdkua.exe] C:\WINDOWS\sdkua.exe
O4 - HKLM\..\RunOnce: [mfcvi32.exe] C:\WINDOWS\mfcvi32.exe
O4 - HKLM\..\RunOnce: [appfy32.exe] C:\WINDOWS\system32\appfy32.exe
O4 - HKLM\..\RunOnce: [sdkbp32.exe] C:\WINDOWS\system32\sdkbp32.exe
O4 - HKLM\..\RunOnce: [mfcop32.exe] C:\WINDOWS\system32\mfcop32.exe
O4 - HKLM\..\RunOnce: [crxs32.exe] C:\WINDOWS\system32\crxs32.exe
O4 - HKLM\..\RunOnce: [mfcvx32.exe] C:\WINDOWS\system32\mfcvx32.exe
O4 - HKLM\..\RunOnce: [javaob.exe] C:\WINDOWS\system32\javaob.exe
O4 - HKLM\..\RunOnce: [appyu32.exe] C:\WINDOWS\appyu32.exe
O4 - HKLM\..\RunOnce: [crih.exe] C:\WINDOWS\crih.exe
O4 - HKLM\..\RunOnce: [javahm.exe] C:\WINDOWS\javahm.exe
O4 - HKLM\..\RunOnce: [msfk32.exe] C:\WINDOWS\msfk32.exe
O4 - HKLM\..\RunOnce: [javahg.exe] C:\WINDOWS\system32\javahg.exe
O4 - HKLM\..\RunOnce: [atlbg32.exe] C:\WINDOWS\atlbg32.exe
O4 - HKLM\..\RunOnce: [msdp.exe] C:\WINDOWS\system32\msdp.exe
O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\system32\appkz.exe
O4 - HKLM\..\RunOnce: [addoe32.exe] C:\WINDOWS\system32\addoe32.exe
O4 - HKLM\..\RunOnce: [winlw.exe] C:\WINDOWS\system32\winlw.exe
O4 - HKLM\..\RunOnce: [mfcov32.exe] C:\WINDOWS\system32\mfcov32.exe
O4 - HKLM\..\RunOnce: [wintc.exe] C:\WINDOWS\system32\wintc.exe
O4 - HKLM\..\RunOnce: [atley.exe] C:\WINDOWS\system32\atley.exe
O4 - HKLM\..\RunOnce: [crde.exe] C:\WINDOWS\system32\crde.exe
O4 - HKLM\..\RunOnce: [atlvw32.exe] C:\WINDOWS\atlvw32.exe
O4 - HKLM\..\RunOnce: [addwt.exe] C:\WINDOWS\system32\addwt.exe
O4 - HKLM\..\RunOnce: [appdn.exe] C:\WINDOWS\appdn.exe
O4 - HKLM\..\RunOnce: [iekq32.exe] C:\WINDOWS\system32\iekq32.exe
O4 - HKLM\..\RunOnce: [apigj.exe] C:\WINDOWS\apigj.exe
O4 - HKLM\..\RunOnce: [crqp.exe] C:\WINDOWS\crqp.exe
O4 - HKLM\..\RunOnce: [d3hi32.exe] C:\WINDOWS\d3hi32.exe
O4 - HKLM\..\RunOnce: [sdkax32.exe] C:\WINDOWS\system32\sdkax32.exe
O4 - HKLM\..\RunOnce: [apisx.exe] C:\WINDOWS\apisx.exe
O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe
O4 - HKLM\..\RunOnce: [addar.exe] C:\WINDOWS\system32\addar.exe
O4 - HKLM\..\RunOnce: [mfczk.exe] C:\WINDOWS\mfczk.exe
O4 - HKLM\..\RunOnce: [ntjz32.exe] C:\WINDOWS\ntjz32.exe
O4 - HKLM\..\RunOnce: [appyp32.exe] C:\WINDOWS\system32\appyp32.exe
O4 - HKLM\..\RunOnce: [ietn.exe] C:\WINDOWS\system32\ietn.exe
O4 - HKLM\..\RunOnce: [msco.exe] C:\WINDOWS\msco.exe
O4 - HKLM\..\RunOnce: [iplt32.exe] C:\WINDOWS\iplt32.exe
O4 - HKLM\..\RunOnce: [sdkpo32.exe] C:\WINDOWS\system32\sdkpo32.exe
O4 - HKLM\..\RunOnce: [appmm32.exe] C:\WINDOWS\system32\appmm32.exe
O4 - HKLM\..\RunOnce: [winsb32.exe] C:\WINDOWS\winsb32.exe
O4 - HKLM\..\RunOnce: [ntlr.exe] C:\WINDOWS\system32\ntlr.exe
O4 - HKLM\..\RunOnce: [javalv32.exe] C:\WINDOWS\javalv32.exe
O4 - HKLM\..\RunOnce: [javasn.exe] C:\WINDOWS\system32\javasn.exe
O4 - HKLM\..\RunOnce: [sysuc32.exe] C:\WINDOWS\system32\sysuc32.exe
O4 - HKLM\..\RunOnce: [appjg.exe] C:\WINDOWS\system32\appjg.exe
O4 - HKLM\..\RunOnce: [apptj.exe] C:\WINDOWS\system32\apptj.exe
O4 - HKLM\..\RunOnce: [ntyo32.exe] C:\WINDOWS\system32\ntyo32.exe
O4 - HKLM\..\RunOnce: [d3ao32.exe] C:\WINDOWS\d3ao32.exe
O4 - HKLM\..\RunOnce: [winym32.exe] C:\WINDOWS\winym32.exe
O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\system32\ipko.exe
O4 - HKLM\..\RunOnce: [atldt.exe] C:\WINDOWS\system32\atldt.exe
O4 - HKLM\..\RunOnce: [atlcl.exe] C:\WINDOWS\system32\atlcl.exe
O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\netuo32.exe
O4 - HKLM\..\RunOnce: [mfcqt32.exe] C:\WINDOWS\mfcqt32.exe
O4 - HKLM\..\RunOnce: [winwi.exe] C:\WINDOWS\system32\winwi.exe
O4 - HKLM\..\RunOnce: [javadn.exe] C:\WINDOWS\javadn.exe
O4 - HKLM\..\RunOnce: [ntdh.exe] C:\WINDOWS\ntdh.exe
O4 - HKLM\..\RunOnce: [addnh32.exe] C:\WINDOWS\system32\addnh32.exe
O4 - HKLM\..\RunOnce: [syske32.exe] C:\WINDOWS\system32\syske32.exe
O4 - HKLM\..\RunOnce: [netlh32.exe] C:\WINDOWS\netlh32.exe
O4 - HKLM\..\RunOnce: [sysfo32.exe] C:\WINDOWS\system32\sysfo32.exe
O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\apipu32.exe
O4 - HKLM\..\RunOnce: [mfcpw32.exe] C:\WINDOWS\mfcpw32.exe
O4 - HKLM\..\RunOnce: [appcs.exe] C:\WINDOWS\appcs.exe
O4 - HKLM\..\RunOnce: [netro.exe] C:\WINDOWS\netro.exe
O4 - HKLM\..\RunOnce: [msyq.exe] C:\WINDOWS\msyq.exe
O4 - HKLM\..\RunOnce: [winix.exe] C:\WINDOWS\system32\winix.exe
O4 - HKLM\..\RunOnce: [javahx32.exe] C:\WINDOWS\system32\javahx32.exe
O4 - HKLM\..\RunOnce: [ntvn32.exe] C:\WINDOWS\ntvn32.exe
O4 - HKLM\..\RunOnce: [sdkie32.exe] C:\WINDOWS\system32\sdkie32.exe
O4 - HKLM\..\RunOnce: [apimu.exe] C:\WINDOWS\system32\apimu.exe
O4 - HKLM\..\RunOnce: [sysbs32.exe] C:\WINDOWS\sysbs32.exe
O4 - HKLM\..\RunOnce: [msjf.exe] C:\WINDOWS\msjf.exe
O4 - HKLM\..\RunOnce: [atlrx32.exe] C:\WINDOWS\system32\atlrx32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

#3 johnboy


Posted 13 July 2004 - 03:23 PM

Here are the new logfiles from About:Buster and HJT:

-- Scan 1 --------
About:Buster Version 1.27
Error Removing! : C:\WINDOWS\System32\appnz32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

Logfile of HijackThis v1.98.0
Scan saved at 2:53:22 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntuj32.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\appnz32.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://futvo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\futvo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Syscheck] C:\WINDOWS\Fonts\win.hta
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe
O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe
O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe
O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe
O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe
O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

#4 johnboy

Posted 13 July 2004 - 04:08 PM

ok here it is, About:Buster log file in safe mode

-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\drayb.dat
Removed! : C:\WINDOWS\futvo.dll
Removed! : C:\WINDOWS\gmijcg.dat
Removed! : C:\WINDOWS\jvcie.dat
Removed! : C:\WINDOWS\kxypet.dat
Removed! : C:\WINDOWS\qftsgw.dat
Removed! : C:\WINDOWS\rvqyni.dat
Removed! : C:\WINDOWS\wcbczp.dat
Removed! : C:\WINDOWS\System32\appnz32.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

#5 johnboy

Posted 13 July 2004 - 05:12 PM

well here it is the newest logfile from hjt

Logfile of HijackThis v1.98.0
Scan saved at 5:09:44 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntuj32.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mfcup.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://futvo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\futvo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Syscheck] C:\WINDOWS\Fonts\win.hta
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe
O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe
O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe
O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe
O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe
O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

#6 johnboy

Posted 13 July 2004 - 05:25 PM

ok here we go again, the newest log from buster and hjt

-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\drayb.dat
Removed! : C:\WINDOWS\futvo.dll
Removed! : C:\WINDOWS\jvcie.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

and the newest hjt log

Logfile of HijackThis v1.98.0
Scan saved at 5:22:02 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntuj32.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mfcup.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://futvo.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\futvo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Syscheck] C:\WINDOWS\Fonts\win.hta
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe
O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe
O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe
O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe
O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe
O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

#7 Atribune

Atribune

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 302 posts

Posted 13 July 2004 - 06:18 PM

FOLLOW ALL STEPS WITHOUT REBOOTING AND WITH ALL OTHER WINDOWS CLOSED

First go to Add/Remove Programs and uninstall global dialers if it is present.

Please run HijackThis again and place a check beside each of the following. Once done, close all other windows and click Fix checked.

O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O4 - HKLM\..\Run: [Syscheck] C:\WINDOWS\Fonts\win.hta
O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe
O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe
O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe
O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe
O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe
O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe
O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

Next press ctrl, alt and delete at the same time and then click the processes tab.

Find and end task the following files
\ntuj32.exe
\mfcup.exe

Now close Task Manager

Next find and delete the following files and folders
C:\WINDOWS\ntfu.dll <---file
C:\WINDOWS\Fonts\win.hta <---file
C:\WINDOWS\system32\mfcup.exe <---file
C:\WINDOWS\system32\d3uc32.exe <---file
C:\WINDOWS\ntuj32.exe <---file
C:\WINDOWS\system32\atlfd.exe <---file
C:\WINDOWS\appsf.exe <---file
C:\WINDOWS\system32\msly32.exe <---file
c:\program files\GlobalDialer <---folder


Now run About Buster 2 times and copy the logs to be posted along with a fresh hijackthis log after rebooting.

#8 johnboy

Posted 14 July 2004 - 07:50 AM

here are my log files from buster and hjt after I cleaned

-- Scan 1 --------
About:Buster Version 1.27
Removed! : C:\WINDOWS\drayb.dat
Removed! : C:\WINDOWS\futvo.dll
Removed! : C:\WINDOWS\jvcie.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

here is the second logfile from buster

-- Scan 1 --------
About:Buster Version 1.27
Attempted Clean Of Temp folder.
Pages Reset... Done!

and here is the logfile from hjt after reboot

Logfile of HijackThis v1.98.0
Scan saved at 7:42:34 AM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntuj32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mfcup.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E13B4A8D-94E1-7DC1-FA52-A00B49ABE3D4} - C:\WINDOWS\system32\msrf32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab

#9 johnboy

Posted 14 July 2004 - 08:01 AM

Well, I'm still getting the same problem. I still can't keep my homepage; it still goes back to http search index. Help me out, I must have done something wrong.

#10 Atribune

Posted 14 July 2004 - 05:21 PM

Johnboy come see me in chat again!

#11 johnboy

Posted 14 July 2004 - 08:13 PM

here we are maybe this time

Logfile of HijackThis v1.98.0
Scan saved at 8:08:22 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntuj32.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svxhost.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\windows\erxs.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
c:\windows\erxs.exe
C:\Documents and Settings\timmy helm\Application Data\ttuh.exe
C:\WINDOWS\System32\hfcqlt.exe
C:\WINDOWS\System32\koelie.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4BA06C7A-EF1C-5C9D-8220-15550AA37E49} - C:\WINDOWS\System32\uskx.dll
O2 - BHO: (no name) - {E13B4A8D-94E1-7DC1-FA52-A00B49ABE3D4} - C:\WINDOWS\system32\msrf32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe
O4 - HKLM\..\Run: [msnupdate] koelie.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [msnupdate] koelie.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\timmy helm\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Tbfueo] C:\WINDOWS\System32\hfcqlt.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

#12 Atribune

Posted 14 July 2004 - 08:34 PM

Please run HijackThis again and place a check beside each of the following items. Once done, close all other windows and click Fix checked.

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {4BA06C7A-EF1C-5C9D-8220-15550AA37E49} - C:\WINDOWS\System32\uskx.dll
O2 - BHO: (no name) - {E13B4A8D-94E1-7DC1-FA52-A00B49ABE3D4} - C:\WINDOWS\system32\msrf32.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe
O4 - HKLM\..\Run: [msnupdate] koelie.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [msnupdate] koelie.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\timmy helm\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Tbfueo] C:\WINDOWS\System32\hfcqlt.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab


Next boot to safe mode and delete the following files.

C:\WINDOWS\System32\uskx.dll
C:\WINDOWS\System32\svxhost.exe
C:\Documents and Settings\timmy helm\Application Data\ttuh.exe
C:\WINDOWS\System32\hfcqlt.exe
C:\WINDOWS\System32\koelie.exe
c:\windows\erxs.exe
C:\WINDOWS\System32\hfcqlt.exe

Now while still in safe mode run About:Buster again.
Copy the log from it and post it along with another HijackThis log.
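
Added example (not part of the original posts, and not code from HijackThis or About:Buster): a Python check of the kind these repeated scans call for. It parses two HijackThis logs and reports which files from a delete list are still running or still registered, and which O4 autorun entries are new. The sample logs are abridged from the 7/14/2004 logs in this thread, the delete list is the one from post #7, and the function names are this example's own.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - <body>", "R3 - <body>"
# O4 body: "<hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

# Constructed sample input: abridged from the 7:42 AM and 8:08 PM logs of 7/14/2004.
LOG_0742 = r"""Logfile of HijackThis v1.98.0
Scan saved at 7:42:34 AM, on 7/14/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ntuj32.exe
C:\WINDOWS\system32\mfcup.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"""

LOG_2008 = r"""Logfile of HijackThis v1.98.0
Scan saved at 8:08:22 PM, on 7/14/2004

Running processes:
C:\WINDOWS\ntuj32.exe
C:\WINDOWS\System32\svxhost.exe
c:\windows\erxs.exe
C:\WINDOWS\System32\koelie.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe
O4 - HKLM\..\Run: [msnupdate] koelie.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Tbfueo] C:\WINDOWS\System32\hfcqlt.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Files the helper asked to delete in post #7 of this thread.
DELETE_LIST = [
    r"C:\WINDOWS\ntfu.dll", r"C:\WINDOWS\Fonts\win.hta",
    r"C:\WINDOWS\system32\mfcup.exe", r"C:\WINDOWS\system32\d3uc32.exe",
    r"C:\WINDOWS\ntuj32.exe", r"C:\WINDOWS\system32\atlfd.exe",
    r"C:\WINDOWS\appsf.exe", r"C:\WINDOWS\system32\msly32.exe",
]


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:                        # first R/O line ends the process list
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autoruns(log):
    """Parsed O4 (Run/RunOnce/RunServices) entries of one log."""
    out = []
    for code, body in log["entries"]:
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            # bare: no directory given, so the log line alone does not say
            # which file on disk the entry resolves to.
            out.append({"hive": hive, "key": key, "name": name,
                        "command": command, "bare": "\\" not in command})
    return out


def unresolved(delete_list, log):
    """Delete-list paths that still show up as a process or in an autorun."""
    procs = {p.lower() for p in log["processes"]}
    cmds = [a["command"].lower() for a in autoruns(log)]
    return [p for p in delete_list
            if p.lower() in procs or any(p.lower() in c for c in cmds)]


def new_autoruns(before, after):
    """O4 entries present in the later log but not in the earlier one."""
    ident = lambda a: (a["hive"], a["key"], a["name"], a["command"].lower())
    seen = {ident(a) for a in autoruns(before)}
    return [a for a in autoruns(after) if ident(a) not in seen]


if __name__ == "__main__":
    first, second = parse_hjt(LOG_0742), parse_hjt(LOG_2008)
    print("still present at 7:42 AM:", unresolved(DELETE_LIST, first))
    print("still present at 8:08 PM:", unresolved(DELETE_LIST, second))
    for a in new_autoruns(first, second):
        note = " (no path given)" if a["bare"] else ""
        print(f"new: {a['hive']} {a['key']} [{a['name']}] {a['command']}{note}")
```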

#13 johnboy

Posted 14 July 2004 - 09:15 PM

well here it is again

-- Scan 1 --------
About:Buster Version 1.30
Removed! : C:\WINDOWS\acxld.dat
Removed! : C:\WINDOWS\aeflk.dat
Removed! : C:\WINDOWS\axnna.dat
Removed! : C:\WINDOWS\bmuhh.dat
Removed! : C:\WINDOWS\bytes.dat
Removed! : C:\WINDOWS\cdrfr.dat
Removed! : C:\WINDOWS\cnzyx.dat
Removed! : C:\WINDOWS\dceew.dat
Removed! : C:\WINDOWS\efyuf.dat
Removed! : C:\WINDOWS\enzff.dat
Removed! : C:\WINDOWS\esgfg.dat
Removed! : C:\WINDOWS\euvxu.dat
Removed! : C:\WINDOWS\fxcmh.dat
Removed! : C:\WINDOWS\gfisn.dat
Removed! : C:\WINDOWS\ggbhb.dat
Removed! : C:\WINDOWS\gkxbf.dat
Removed! : C:\WINDOWS\gwjzh.dat
Removed! : C:\WINDOWS\hdjkm.dat
Removed! : C:\WINDOWS\jkvmz.dat
Removed! : C:\WINDOWS\jlsvh.dat
Removed! : C:\WINDOWS\jtsdi.dat
Removed! : C:\WINDOWS\kmvvx.dat
Removed! : C:\WINDOWS\krgvy.dat
Removed! : C:\WINDOWS\loclp.dat
Removed! : C:\WINDOWS\mdusk.dat
Removed! : C:\WINDOWS\mfovf.dat
Removed! : C:\WINDOWS\mqdpm.dat
Removed! : C:\WINDOWS\mreeu.dat
Removed! : C:\WINDOWS\mxeuv.dat
Removed! : C:\WINDOWS\nptdl.dat
Error Removing! : C:\WINDOWS\ntuj32.exe
Removed! : C:\WINDOWS\nuzeb.dat
Removed! : C:\WINDOWS\nwquz.dat
Removed! : C:\WINDOWS\pemou.dat
Removed! : C:\WINDOWS\pqfvh.dat
Removed! : C:\WINDOWS\pyvpz.dat
Removed! : C:\WINDOWS\qdcfx.dat
Removed! : C:\WINDOWS\rkype.dat
Removed! : C:\WINDOWS\romlk.dat
Removed! : C:\WINDOWS\rvqyni.dat
Removed! : C:\WINDOWS\rzktx.dat
Removed! : C:\WINDOWS\syuib.dat
Removed! : C:\WINDOWS\tbomj.dat
Removed! : C:\WINDOWS\tdfoq.dat
Removed! : C:\WINDOWS\togkm.dat
Removed! : C:\WINDOWS\towpv.dat
Removed! : C:\WINDOWS\tqepp.dat
Removed! : C:\WINDOWS\tuljw.dat
Removed! : C:\WINDOWS\ucnni.dat
Removed! : C:\WINDOWS\vypzc.dat
Removed! : C:\WINDOWS\vzfcq.dat
Removed! : C:\WINDOWS\waeke.dat
Removed! : C:\WINDOWS\wxgtx.dat
Removed! : C:\WINDOWS\wzkvh.dat
Removed! : C:\WINDOWS\xhxmn.dat
Removed! : C:\WINDOWS\xjhff.dat
Removed! : C:\WINDOWS\yezzp.dat
Removed! : C:\WINDOWS\yimlk.dat
Removed! : C:\WINDOWS\yycfm.dat
Removed! : C:\WINDOWS\yyjnx.dat
Removed! : C:\WINDOWS\zaurb.dat
Removed! : C:\WINDOWS\zpjnk.dat
Removed! : C:\WINDOWS\zuaed.dat
Removed! : C:\WINDOWS\System32\aqxjs.dat
Removed! : C:\WINDOWS\System32\bdayk.dat
Removed! : C:\WINDOWS\System32\bsnsz.dat
Removed! : C:\WINDOWS\System32\dsuym.dat
Removed! : C:\WINDOWS\System32\ehphs.dat
Removed! : C:\WINDOWS\System32\etojt.dat
Removed! : C:\WINDOWS\System32\gcpqw.dat
Removed! : C:\WINDOWS\System32\ghzpw.dat
Removed! : C:\WINDOWS\System32\gpahq.dat
Removed! : C:\WINDOWS\System32\gugoa.dat
Removed! : C:\WINDOWS\System32\gwmes.dat
Removed! : C:\WINDOWS\System32\hjfep.dat
Removed! : C:\WINDOWS\System32\hujiu.dat
Removed! : C:\WINDOWS\System32\iaobj.dat
Removed! : C:\WINDOWS\System32\ihuaf.dat
Removed! : C:\WINDOWS\System32\iipls.dat
Removed! : C:\WINDOWS\System32\jvjqr.dat
Removed! : C:\WINDOWS\System32\lccup.dat
Removed! : C:\WINDOWS\System32\lluly.dat
Removed! : C:\WINDOWS\System32\lnmxs.dat
Removed! : C:\WINDOWS\System32\mfcup.exe
Removed! : C:\WINDOWS\System32\mifdj.dat
Removed! : C:\WINDOWS\System32\nicpf.dat
Removed! : C:\WINDOWS\System32\ocyli.dat
Removed! : C:\WINDOWS\System32\ofzrw.dat
Removed! : C:\WINDOWS\System32\owtra.dat
Removed! : C:\WINDOWS\System32\ppmqz.dat
Removed! : C:\WINDOWS\System32\qfrmv.dat
Removed! : C:\WINDOWS\System32\qkdec.dat
Removed! : C:\WINDOWS\System32\qmyoz.dat
Removed! : C:\WINDOWS\System32\sjeil.dat
Removed! : C:\WINDOWS\System32\tnafw.dat
Removed! : C:\WINDOWS\System32\tqsmy.dat
Removed! : C:\WINDOWS\System32\uscld.dat
Removed! : C:\WINDOWS\System32\wmibp.dat
Removed! : C:\WINDOWS\System32\wumvu.dat
Removed! : C:\WINDOWS\System32\wvvgv.dat
Removed! : C:\WINDOWS\System32\wxxrm.dat
Removed! : C:\WINDOWS\System32\xhroa.dat
Removed! : C:\WINDOWS\System32\yfdmc.dat
Removed! : C:\WINDOWS\System32\ygiax.dat
Removed! : C:\WINDOWS\System32\yhlmr.dat
Removed! : C:\WINDOWS\System32\ykwkv.dat
Removed! : C:\WINDOWS\System32\zxcpy.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

and the other

Logfile of HijackThis v1.98.0
Scan saved at 9:11:14 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
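
One way to confirm from the two logs that the startup entries flagged for fixing are gone and that no remaining startup command points at a deleted file; this is an added example, not part of the original thread. The log lines are excerpted from the posts above, the function names are this example's own, and file names are compared without their directory.

```python
import re

LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # "<section> - <payload>"
O4_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
BIN_RE = re.compile(r'[^\\/"]+\.(?:exe|dll)', re.I)  # file name without directory

# Excerpted from the thread: entries flagged for fixing, files to delete, later log.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe
O4 - HKLM\..\RunServices: [msnupdate] koelie.exe
O4 - HKCU\..\Run: [Tbfueo] C:\WINDOWS\System32\hfcqlt.exe
"""
DELETED = [r"C:\WINDOWS\System32\svxhost.exe", r"c:\windows\erxs.exe",
           r"C:\WINDOWS\System32\koelie.exe", r"C:\WINDOWS\System32\hfcqlt.exe"]
AFTER_LOG = r"""
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

def parse_log(text):
    """Return (section, payload) pairs for every HijackThis entry line."""
    hits = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def autoruns(text):
    """Map (hive, key, value name) -> command for each O4 startup entry."""
    out = {}
    for section, payload in parse_log(text):
        m = O4_RE.match(payload) if section == "O4" else None
        if m:
            out[(m.group(1), m.group(2), m.group(3))] = m.group(4)
    return out

def surviving_entries(fix_list, after_log):
    """Flagged entries that appear unchanged in the later log."""
    flagged = set(parse_log(fix_list))
    return [e for e in parse_log(after_log) if e in flagged]

def deleted_files_still_launched(after_log, deleted):
    """Deleted file names that a startup command in the later log still references."""
    gone = {BIN_RE.findall(p)[-1].lower() for p in deleted}
    launched = {n.strip().lower() for cmd in autoruns(after_log).values()
                for n in BIN_RE.findall(cmd)}
    return gone & launched

if __name__ == "__main__":
    print(surviving_entries(FIX_LIST, AFTER_LOG))
    print(deleted_files_still_launched(AFTER_LOG, DELETED))
```
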

#14 Atribune

Posted 14 July 2004 - 09:31 PM

Johnboy, come back to the chatroom again tomorrow night please.
